Information Security Policy

Classe365 Information Security Policy Guidelines

Written by Ashley Cooper
Updated over 3 months ago

Classe365 Information Security Policy

Introduction

Securing your data is a top priority! Classe365 is committed to ensuring the integrity, confidentiality, availability, and security of its physical and information assets while maintaining privacy to serve the needs of its customers and organization. This commitment extends to meeting appropriate legal, statutory, and regulatory requirements.

To provide adequate protection for information assets, Classe365 has established an Information Security Management System (ISMS), which includes policies that must be followed diligently, consistently, and impartially. Classe365 will implement procedures and controls at all levels to protect the confidentiality and integrity of information stored and processed on its systems and ensure that information is available only to authorized persons as needed.

Classe365 Promise

Classe365 is committed to complying with all applicable regulations and laws in all locations and countries where Amazon AWS data centers are operational. We take data integrity and security very seriously, earning the trust of over 6500 customers worldwide. As a data processor, we acknowledge our responsibilities in protecting customer data.

Customer data security is integral to our product, processes, and team culture. Our facilities, processes, and systems are reliable, robust, and tested by reputable quality control and data security organizations. We continuously seek opportunities for improvement in the dynamic technology landscape to provide a highly secure, scalable system for a great customer experience. Classe365 ensures data security through compliance with GDPR and SOC 2 requirements.

Compliance and Certifications

  • GDPR Compliance: Classe365 complies with the General Data Protection Regulation (GDPR), providing EU citizens greater control over their personal data and assuring them of its protection. We help our users understand and comply with GDPR.

  • EU-U.S. Privacy Shield: Classe365 adheres to the principles of the EU-U.S. Privacy Shield, protecting the rights of EU residents whose personal data is transferred to the United States.

  • ISO 27001 Certification: Classe365 is working toward ISO 27001:2013 certification, which ensures a comprehensive framework of policies and procedures to keep information secure. This certification covers all aspects of information security, including confidentiality, integrity, and availability. We aim to get the certification on or before 2025.

Physical and Network Security

Classe365 is hosted on Amazon's AWS platform and infrastructure, benefiting from a secure data center and network architecture. AWS data centers are protected by military-grade perimeter controls, professional security staff, video surveillance, and state-of-the-art intrusion detection systems.

Network Security:

  • Distributed Denial of Service (DDoS) Protection: AWS provides protection against DDoS attacks.

  • Man-in-the-Middle (MITM) Attack Prevention: AWS ensures protection against MITM attacks.

  • Port Scanning and Packet Sniffing: AWS protects against port scanning and packet sniffing by other tenants.

Administrative Operations

Classe365 uses two-factor authentication for administrative operations on both infrastructure and services. Administrative privileges are granted to a limited number of employees, with role-based access to ensure users have only the necessary permissions. All administrative access is logged and monitored by our internal security team, with detailed documentation of operations performed in the production environment.

Host Security

SSH keys are required for console access to our servers, and each login is identified by a user. Critical operations are logged to a central log server, and servers can only be accessed from restricted and secure IPs. Hosts are segmented based on functionality to ensure security.

Application Security

  • Secure Access: All application servers use secure HTTPS with industry-standard encryption.

  • Cross-Site Scripting (XSS): User inputs are encoded to prevent XSS vulnerabilities.

  • Cross-Site Request Forgery (CSRF): All POST requests are checked for CSRF tokens.

  • SQL Injection: Prepared statements are used for database access to prevent SQL injection attacks.

  • Encrypted Data Storage: Sensitive user information and third-party service keys are stored in encrypted form.

Data Storage and Redundancy

Classe365 uses Amazon's RDS for its database, configured with automated backups and Multi-AZ deployments for enhanced availability and durability. Backups are taken every day at midnight AEST. Each day's backup is held for up to 7 days. The data is encrypted both at rest and in transit. The backups are secured using Advanced Encryption Standard (AES) 256-bit encryption.

Monitoring

Classe365 employs internal and external monitoring services to ensure the security of its environment. Our monitoring systems alert the concerned teams through emails and phone calls in case of any errors or abnormalities in the request patterns.

Disclosure

At Classe365, we continually work towards enhancing our system security. If you find any issues or have queries regarding our security, please contact us at [email protected]
